By Owais Sultan
Today’s mobile-first world calls for functional solutions that meet the expectations of smartphone users. Creating a user-friendly mobile…
This is a post from HackRead.com Read the original post: Top Benefits of Using Flutter for Cross-Platform App Development

Today’s mobile-first world calls for functional solutions that meet the expectations of smartphone users. Creating a user-friendly mobile application is a good strategy for driving your business growth and boosting profits. However, with multiple platforms and devices available, it can be challenging to develop an application that works smoothly across all of them. This is where Flutter comes in handy.

**What is Flutter?**

Flutter is a cross-platform framework that enables you to reach your customers across a variety of platforms at once. In other words, you can create a single source code that is reused across different operating systems, including the absolute mobile market leaders – Android and iOS.

If your target audience is dispersed among various platforms, Flutter can be a real game-changer for your business. However, this technology has plenty of other advantages as well.

**The benefits of the Flutter framework**

Using flutter app development services can save a great deal of time and money. Instead of two teams working on separate codebases for different platforms, you just need one.

The development efficiency does not affect the quality of the delivered software, though. Flutter’s complete SDK and rich functionality allow for the creation of high-performance and visually appealing software that offers a native-like experience. Let’s have a look at its benefits.

**High performance**

Performance is a top priority in a mobile app because it directly affects the user experience. Freezes, bugs, or skipped frames can frustrate your customers and discourage them from using your app ever again. Fortunately, Flutter apps process 60 frames per second, which enables fast and smooth operations.

**Hot reload**

What sets Flutter apart from other technologies? There may be more than one thing, but the Hot Reload function really stands out.

This feature allows developers and designers to see introduced changes on the fly. So, instead of writing a piece of code and waiting for it to be compiled and loaded, they can see the effects immediately in the Dart Virtual Machine. This is a great tool for improving development efficiency.

**Customizable widgets**

A wide array of widgets available in Flutter’s libraries makes designing an eye-catching and responsive UI a piece of cake. Developers can mix pre-built widgets or customize them to create one-of-a-kind designs that look and feel like native ones.

Furthermore, Flutter’s elements are performance-optimized, so the UI is consistently responsive, even on less advanced devices.

Flutter is an enormously popular open-source framework continuously supported by its founder – Google. Regular boosts of new updates and bug fixes encourage developers to employ Flutter on a daily basis. This builds a developer community ready to share their tips and tricks to foster smooth software development. 

**Top-quality experience across multiple platforms**

Taking into consideration its benefits, Flutter is a real breakthrough in app development. It allows you to build a high-quality product in a fraction of the native development time and budget. If you want to make the most of the mobile traffic with the least possible effort and cost, developing a Flutter app is the way to go.

**Watch Google Introducing Flutter**

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Top Benefits of Using Flutter for Cross-Platform App Development

FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.

The Vector Packet Processor

FD.io’s Vector Packet Processor (VPP) is a fast, scalable layer 2-4 multi-platform network stack. It runs in Linux Userspace on multiple architectures including x86, ARM, and Power architectures.

VPP’s high performance network stack is quickly becoming the network stack of choice for applications around the world.

VPP is continually being enhanced through the extensive use of plugins. The Data Plane Development Kit (DPDK) is a great example of this. It provides some important features and drivers for VPP.

VPP supports integration with OpenStack and Kubernetes. Network management features include configuration, counters, sampling and more. For developers, VPP includes high-performance event-logging, and multiple kinds of packet tracing. Development debug images include complete symbol tables, and extensive consistency checking.

Some VPP Use-cases include vSwitches, vRouters, Gateways, Firewalls and Load-Balancers, to name a few.

For more details click on the links below or press next.

About VPP

*   Scalar vs Vector packet processing
*   The Packet Processing Graph
*   Network Stack Features
*   Host Stack
*   Additional features
*   Supported archs and OS
*   Performance
*   Release notes
*   VPP Supported Features

Use Cases

*   VPP with Containers
*   VPP with Iperf3 and TRex
*   VPP in the Cloud
*   VPP with Virtual Machines
*   VPP with VMware/Vmxnet3
*   VPP as a Home Gateway
*   Access Control Lists with VPP
*   Generating traffic with VPP
*   Web applications with VPP
*   Simulating networks with VPP
*   Stateless Traffic Gen with VPP
*   IKEv2 with VPP
*   VPP in kubernetes (Contiv/Deprecated)
*   VPP Container Test Bench

Getting started

*   Downloading and Installing VPP
    *   Installing on Ubuntu / Debian OS Distros
    *   Package Descriptions
*   Running VPP
    *   Usergroup
    *   Systemd File vpp.service
    *   Huge Pages
*   Progressive VPP Tutorial
    *   Setting up your environment
    *   Running VPP
    *   Creating an Interface
    *   Using the trace command
    *   Connecting Two FD.io VPP Instances
    *   Routing
    *   Switching
*   Troubleshooting
    *   CPU Load/Usage
    *   Google Sanitizers
    *   Memory leaks

Developer Documentation

*   Build, Run & Debug
    *   Building VPP
    *   Running VPP
    *   Testing VPP
    *   GDB Examples
    *   Cross compilation on MacOS
*   Core Architecture
    *   Software Architecture
    *   VPPINFRA (Infrastructure)
    *   VLIB (Vector Processing Library)
    *   VNET (VPP Network Stack)
    *   Feature Arcs
    *   Buffer Metadata
    *   Multi-architecture support
    *   Bounded-index Extensible Hashing (bihash)
    *   Build System
    *   VPP mem preload
    *   Multi-threading in VPP
*   Core Features
    *   The FIB
    *   Segment routing
    *   Punting Packets
    *   IPSec (IP Security)
    *   BFD module
    *   IP Reassembly
    *   IPFIX support
    *   Switched Port Analyzer
    *   MTU in VPP
    *   Generic Segmentation Offload
    *   Syslog protocol support
    *   Event-logger
    *   Statistics
    *   SELinux - VPP Custom SELinux Policy
    *   Policing
*   Adding a new plugin or feature
    *   Adding a plugin
    *   Sample plugin for VPP
    *   Handoff queue in a plugin
*   Plugins
    *   QUIC HostStack
    *   Cloud NAT
    *   Linux Control Plane Integration
    *   SRv6 Plugins
    *   Marvell device plugin
    *   LLDP Protocol
    *   Stateful NAT64
    *   Active-Passive NAT HA
    *   NAT44-ED: NAT44 Endpoint Dependent
    *   PNAT 1:1 match & rewrite NAT
    *   Load Balancer plugin
    *   LACP Protocol
    *   IPFIX flow record plugin
    *   MAP and Lw4o6
    *   Buffer metadata change tracker
    *   DHCPv6 prefix delegation
    *   Inband OAM (iOAM)
    *   Wireguard vpp-plugin
    *   SRTP Protocol
    *   Multicore support for ACL plugin
    *   ACL plugin constant-time lookup
    *   ACL Lookup contexts
    *   Buffers monitoring plugin
*   Device drivers
    *   Intel AVF device driver
    *   RDMA (ibverb) device driver
    *   VMWARE vmxnet3 device driver
    *   AF\_XDP device driver
*   VPP Test Framework
    *   Overview
    *   Anatomy of a test case
    *   Logging
    *   Parallel test execution
    *   Test temporary directory and VPP life cycle
    *   Virtual environment
    *   Naming conventions
    *   Automatically generated addresses
    *   Packet flow in the VPP Test Framework
    *   Test framework objects
    *   How VPP APIs/CLIs are called
    *   Utility methods
    *   Example: how to add a new test
*   VPP extra tools
    *   Code coverage with lcov
    *   VPP Snap Build
    *   Strongswan Testing Tool
    *   VPP configuration utility
    *   VPP interface stats client
    *   VPP stats segment FUSE filesystem
    *   VPP Top Installation
    *   LD\_PRELOAD the VCL
    *   Host stack test framework

Interfacing with VPP

*   The binary API
    *   VPP API module
    *   VPP API Language
    *   Writing API handlers
*   C api client
*   C++ api client
*   Go api (govpp)
    *   Components involved
    *   Getting started
    *   Launch VPP
    *   Connecting to VPP
*   Rust api client
*   Memif library (libmemif)
    *   Shared Memory Packet Interface (memif) Library
    *   Build Instructions
    *   Getting started
    *   Libmemif Examples

Contributing

*   Getting a Patch Reviewed
    *   Setup
    *   Clone with ssh
    *   Git Review
*   Writing VPP Documentation
    *   Building the docs
    *   View the results
    *   Writing Docs and merging
*   Reporting Bugs
    *   Data to include in bug reports
    *   Capturing post-mortem data
    *   Core files from Private Images

Debug CLI

*   Getting Started with the debug CLI
    *   Debug and Telnet CLI
    *   CLI features
*   Interface Commands
    *   Basic Interface Commands
    *   Hardware-Interfaces Commands
    *   Create Interfaces Commands
    *   Set Interface Commands
*   Reference
    *   ARP and Loopback CLI
    *   Circular Journal
    *   Command line session
    *   DPDK Crypto
    *   DPDK and pcap tx
    *   Host Interface
    *   Image Version Information
    *   Init functions
    *   Interface
    *   Layer 2 CLI
    *   Layer 3 IP CLI
    *   Network Delay Simulator
    *   Static HTTP Server
    *   Unix Interface
    *   VLIB application library
    *   VXLAN CLI
    *   VXLAN-GBP CLI
    *   Perfmon cli reference
    *   Gbp cli reference
    *   L2e cli reference
    *   netmap
    *   Abf cli reference
    *   Acl cli reference
    *   Adl cli reference
    *   Af\_xdp cli reference
    *   Arping cli reference
    *   Avf cli reference
    *   Bufmon cli reference
    *   Builtinurl cli reference
    *   Cdp cli reference
    *   Cnat cli reference
    *   Crypto\_sw\_scheduler cli reference
    *   Ct6 cli reference
    *   Dhcp cli reference
    *   Dispatch-trace cli reference
    *   Dns cli reference
    *   Cryptodev cli reference
    *   Flowprobe cli reference
    *   Geneve cli reference
    *   Gtpu cli reference
    *   Hs\_apps cli reference
    *   Igmp cli reference
    *   Ikev2 cli reference
    *   Ila cli reference
    *   Ip6 cli reference
    *   Encap cli reference
    *   Export cli reference
    *   Export-vxlan-gpe cli reference
    *   Ip6 cli reference
    *   Lib-pot cli reference
    *   Lib-trace cli reference
    *   Lib-vxlan-gpe cli reference
    *   Udp-ping cli reference
    *   L2tp cli reference
    *   L3xc cli reference
    *   Lacp cli reference
    *   Lb cli reference
    *   Linux-cp cli reference
    *   Test cli reference
    *   Lisp-cp cli reference
    *   Lisp-gpe cli reference
    *   Test cli reference
    *   Lldp cli reference
    *   Mactime cli reference
    *   Map cli reference
    *   Pp2 cli reference
    *   Mdata cli reference
    *   Memif cli reference
    *   Mss\_clamp cli reference
    *   Det44 cli reference
    *   Dslite cli reference
    *   Nat44-ed cli reference
    *   Nat44-ei cli reference
    *   Nat64 cli reference
    *   Nat66 cli reference
    *   Pnat cli reference
    *   Nsh cli reference
    *   Nsh-md2-ioam cli reference
    *   Export-nsh-md2-ioam cli reference
    *   Oddbuf cli reference
    *   Perfmon cli reference
    *   Ping cli reference
    *   Pppoe cli reference
    *   Prom cli reference
    *   Quic cli reference
    *   Rdma cli reference
    *   Snort cli reference
    *   Stn cli reference
    *   Svs cli reference
    *   Tlsopenssl cli reference
    *   Tracedump cli reference
    *   Unittest cli reference
    *   Urpf cli reference
    *   Vhost cli reference
    *   Vmxnet3 cli reference
    *   Vrrp cli reference
    *   Wireguard cli reference
    *   Dma cli reference
    *   Pci cli reference
    *   Stats cli reference
    *   Vlibapi cli reference
    *   Vlibmemory cli reference
    *   Adj cli reference
    *   Arp cli reference
    *   Bfd cli reference
    *   Bier cli reference
    *   Bonding cli reference
    *   Classify cli reference
    *   Crypto cli reference
    *   Pipe cli reference
    *   Tap cli reference
    *   Dpo cli reference
    *   Feature cli reference
    *   Fib cli reference
    *   Flow cli reference
    *   Gre cli reference
    *   Gso cli reference
    *   Hash cli reference
    *   Interface cli reference
    *   Ip-neighbor cli reference
    *   Reass cli reference
    *   Ip6-nd cli reference
    *   Ipfix-export cli reference
    *   Ipip cli reference
    *   Ipsec cli reference
    *   Lawful-intercept cli reference
    *   Mfib cli reference
    *   Mpls cli reference
    *   Pg cli reference
    *   Policer cli reference
    *   Qos cli reference
    *   Session cli reference
    *   Span cli reference
    *   Srmpls cli reference
    *   Srv6 cli reference
    *   Syslog cli reference
    *   Tcp cli reference
    *   Teib cli reference
    *   Udp cli reference
    *   Unix cli reference
    *   Vxlan-gpe cli reference
    *   Api cli reference
    *   App cli reference
    *   Vnet cli reference
    *   vHost User

Configuration file

*   Getting started with the configuration
    *   Command-line Arguments
    *   Configuration File (startup.conf)
*   Configuration Reference
    *   The unix section
    *   The api-trace Section
    *   The api-segment Section
    *   The socksvr Section
    *   The cpu Section
    *   The buffers Section
    *   The dpdk Section
    *   The plugins Section
    *   Some Advanced Parameters:
    *   acl-plugin Section
    *   api-queue Section
    *   cj Section
    *   dns Section
    *   ethernet Section
    *   heapsize Section
    *   ip Section
    *   ip6 Section
    *   l2learn Section
    *   l2tp Section
    *   logging Section
    *   mactime Section
    *   “map” Parameters
    *   nat Section
    *   oam Section
    *   physmem Section
    *   tapcli Section
    *   tcp Section
    *   tls Section
    *   tuntap Section
    *   vhost-user Section
    *   vlib Section

About this documentation

VPP Version : 23.02\-release
Built on    : 02 March 2023

CVE-2022-46397: What is the Vector Packet Processor (VPP) — The Vector Packet Processor v23.02-0-g5516fc0f3 documentation

A novel cyber threat against macOS users is being sold for $100 a pop on the Dark Web, and activity is ramping up.

An information-stealing malware that targets Apple's macOS operating system is making the cyberrounds, siphoning off documents, iCloud keychain data-like passwords, browser cookies, and more from unwitting Apple users.

Appropriately dubbed "MacStealer," it's going for just $100 per build on the cyber underground, so it's no surprise that "more MacStealer samples have been spreading recently," according to a recent Uptycs analysis on the threat.

The malware affects the Catalina version of macOS and subsequent versions that use Intel M1 and M2 CPUs. It also uses the encrypted Telegram messaging platform for command-and-control (C2), the researchers found.

To propagate, operators are looking for low-hanging fruit, hoping to harvest victims by luring them to download .DMG files, which are containers for macOS apps. Fake apps in app stores, piracy websites, or email attachments could all be potential conduits for infection.

"The bad actor uses a .DMG file to spread the malware. After a user executes the file, it opens a fake password prompt," Uptycs researchers explained in the post. "Once the user enters their login credentials, the stealer … \[compresses\] the data and sends it to C2 via a POST request using a Python User-Agent request. It deletes the data and ZIP file from the victim's system during a subsequent mop-up operation."

This is just the latest malware to target Macs in recent months. In February, pirated versions of Apple's Final Cut Pro video-editing software were found delivering a version of the XMRig cryptocurrency mining tool. And last year, a previously-unknown, macOS spyware called "CloudMensis" surfaced in a highly targeted campaign, exfiltrating documents, keystrokes, screen captures, and more from Apple machines.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

MacStealer Malware Plucks Bushels of Data From Apple Users

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.

**Netatalk 3.1.13**

The Netatalk development team is proud to announce latest release of the Netatalk 3.1 release series. Users are encouraged to update their servers to the 3.1 release series which is the stable and supported version for production systems.

Netatalk is a freely-available Open Source AFP fileserver. A \*NIX/\*BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server (AFP).

The suite contains:

*   netatalk - the main server service controller
    
*   afpd - the AFP file server daemin
    
*   cnid\_metad - the CNID database multiplexing daemon
    
*   cnid\_dbd - the CNID database daemon serving CNIDs for AFP volumes
    
*   various supporting programs and utilities
    

**Summary of major new features and enhancements in 3.1**

*   AFP Spotlight Support with Gnome Tracker: https://projects.gnome.org/tracker/
    

Please refer to the online manual for details about compiling Netatalk with Spotlight support and how to configure:

Please make sure to read the upgrading section in the Netatalk online manual before trying to upgrade your system from version 2:

**License**

Netatalk is a Free/Open Source Software project and is released under the GNU General Public License (GPLv2). The full license text is available at:

**Changes in 3.1.13**

*   FIX: CVE-2021-31439
    
*   FIX: CVE-2022-23121
    
*   FIX: CVE-2022-23123
    
*   FIX: CVE-2022-23122
    
*   FIX: CVE-2022-23125
    
*   FIX: CVE-2022-23124
    
*   FIX: CVE-2022-0194
    
*   FIX: afpd: make a variable declaration a definition
    
*   UPD: Remove bundled libevent
    

**Supported Platforms**

As of Netatalk 3.0 the following operating systems are supported:

*   FreeBSD
    
*   Linux
    
*   OpenBSD
    
*   NetBSD
    
*   Solaris and derivates
    

Netatalk may compile and run on other operating systems as well, but it is not well-tested on those. We welcome patches and suggestions for enhancing the portability of Netatalk as well as success and failure stories. Please write to netatalk-devel@lists.sourceforge.net.

**Availability**

Netatalk tar-balls can be found at:

Netatalk is also available via anonymous git. See the SourceForge project site for anonymous git instructions.

**Contact**

For more information about Netatalk, see its web page at:

The project is hosted at SourceForge. The SourceForge project page is located at:

The Netatalk development team can be reached via the mailing list netatalk-devel@lists.sourceforge.net. For subscription information and archives see Netatalk’s SourceForge project page.

netatalk-admins@lists.sourceforge.net is a mailing list for Netatalk system administrators. For subscription information and archives see the Netatalk web page.

**Acknowledgements**

We would like to thank all contributors to the Netatalk project for their commitment. Without the many suggestions, bug and problem reports, patches, and reviews this project wouldn’t be where it is.

*   The Netatalk Development Team, March 2022

CVE-2022-23122: Netatalk Release Notes

An issue in Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functions via disabling process privilege tokens.

**Coordinated Disclosure Timeline**

22/12/2022: Report submission to Vendor via Direct Email to Research & Develop  
19/01/2023: Vendor acknowledged CVE and has been notified of my intention to publish the advisory  
26/02/2022: CVE submission sent to MITRE.org  

**Executive Summary**

An issue found in "Cynet Client Agent" Ver 4.6.0.8010 allows attackers to completely disable cynet protection modules into the attacked machine having local Administrator or System privileges.

**Technical Summary**

To exploit the vulnerability an attacker must get System Rights into the machine and use a tool like process hacker that permits him to remove privilege tokens from running processes.

IMPORTANT: this local vulnerability can expose useful information to an attacker willing to escalate his privileges. After a successful attack lateral movement can be done via multiple ways.

**Product**

Cynet Client Agent

**Tested Version**

Ver 4.6.0.8010

**Details**

**Issue: Antimalware protection components full disablement**

System privileges gained through local administrator account permits to seamlessly disable the whole EDR protection capabilities via process' privilege tokens disablement

**Impact**

EDR Protection fully disabled on the system

**CVE**

CVE-XXXX-XXXXXX

**Credit**

This issue was discovered and reported by Nicolas Fasolo (@Err0r0x41414141)

**Contact**

You can contact me at nicolas.fasolo@hotmail.it, please include a reference to CVE-XXXX-XXXXXX in any communication regarding this topic.

CVE-2023-27247: CVEs/Readme.md at main · NF-Security-Team/CVEs

Microsoft on Tuesday unveiled Security Copilot in preview, marking its continued push to embed AI-oriented features in an attempt to offer "end-to-end defense at machine speed and scale."
Powered by OpenAI's GPT-4 generative AI and its own security-specific model, it's billed as a security analysis tool that enables cybersecurity analysts to quickly respond to threats, process signals, and

Artificial Intelligence / Cyber Threat

Microsoft on Tuesday unveiled **Security Copilot** in preview, marking its continued push to embed AI-oriented features in an attempt to offer "end-to-end defense at machine speed and scale."

Powered by OpenAI's GPT-4 generative AI and its own security-specific model, it's billed as a security analysis tool that enables cybersecurity analysts to quickly respond to threats, process signals, and assess risk exposure.

To that end, it collates insights and data from various products like Microsoft Sentinel, Defender, and Intune to help security teams better understand their environment; determine if they are susceptible to known vulnerabilities and exploits; identify ongoing attacks their scale, and receive remediation instructions; and summarize incidents.

Users, for instance, can ask Security Copilot about suspicious user logins over a specific time period, or even employ it to create a PowerPoint presentation outlining an incident and its attack chain. It can also accept files, URLs, and code snippets for analysis.

Redmond said its proprietary security-specific model is informed by more than 65 trillion daily signals, emphasizing that the tool is privacy-compliant and customer data "is not used to train the foundation AI models."

"Today the odds remain stacked against cybersecurity professionals," Vasu Jakkal, Microsoft's corporate vice president of Security, Compliance, Identity, and Management, pointed out.

"Too often, they fight an asymmetric battle against prolific, relentless and sophisticated attackers. To protect their organizations, defenders must respond to threats that are often hidden among noise."

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

Security Copilot is the latest AI push from Microsoft, which has been steadily integrating generative AI features into its software offerings over the past two months, including Bing, Edge browser, GitHub, LinkedIn, and Skype.

The development also comes weeks after the tech giant launched Microsoft 365 Copilot, integrating AI capabilities within its suite of productivity and enterprise apps such as Office, Outlook, and Teams.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders

In cyberattacks against the US, South Korea, and Japan, the group (aka APT43 or Thallium) is using advanced social engineering and cryptomining tactics that set it apart from other threat actors.

Cybercriminal group Kimsuky has evolved into a full-fledged, persistent threat, carrying out "unusually aggressive" social-engineering attacks aimed at gathering intelligence, and stealing and laundering cryptocurrency to support the North Korean government.

Researchers from Mandiant have tracked a number of changes to the activity of the group, which they call APT43, in a series of rapid-fire attacks against targets in the US, South Korea, and Japan, they revealed in a report published today.

Kimsuky, also tracked as Thallium, has been on various researchers' radar screens since 2018, and its previous activity has been widely reported. In earlier attacks, the group mainly focused on conducting cyber espionage against research institutions, geo-political think tanks, and — particularly during the height of the pandemic — pharmaceutical companies.

The group typically used spear-phishing campaigns to lure in users and then installed various public and non-public malware, including spyware, onto targeted devices, which were often Android-based smartphones. In fact, Kimsuky was identified as recently as earlier this month leveraging malicious Chrome browser extensions and Android app-store services to target individuals conducting research on the inter-Korean conflict.

Now, however, Mandiant researchers have found that APT43 is evolving in several ways.

**New Financial & Social Tactics**

For one, the group is now following in the shoes of other North Korean APTs and branching out beyond mere cyber espionage to steal cryptocurrency, the researchers have found. In addition to using the ill-gotten currency to fund the regime of Kim Jong-un, as other groups do, APT43 also uses it to bolster its own activities, they said.

The group is even going the extra step of laundering the crypto through legitimate cloud-mining services so it comes out as clean currency and is difficult to track — an activity that might be used by other groups, but has flown under the radar until now, the researchers said.

"The washing of funds and the 'how' has been the missing piece of the equation," notes Michael Barnhart, Mandiant principal analyst at Google Cloud. "We have indications that APT43 utilizes specific hash rental services to launder these funds by mining for different cryptocurrencies."

For a small fee, these services provide hash power, which APT43 uses to mine cryptocurrency to a wallet selected by the buyer without any blockchain-based association to the buyer's original payments. This allows the APT to use stolen funds to mine for a different cryptocurrency, the researchers said. By spending very little, threat actors walk away with untracked, clean currency to do as they wish, Barnhart explains.

Moreover, APT43 — while technologically unsophisticated — relies on advanced and persistent social-engineering tactics in which threat actors create convincing fake personas and exhibit patience in building relationships with targets over several weeks without using malware, the researchers said.

"I've never seen an APT quite as successful with such novel techniques," Barnhart notes. "They pretend to be subject-matter experts or reporters and ask targeted questions — often with the promise of quoting the victim in a report or news article — and successfully gain feedback."

Indeed, in some instances, attackers successfully convinced targeted victims to send over proprietary, geopolitical analysis and research without deploying malware at all, the researchers said.

This deviates from standard procedure for most threat groups, allowing APT43 to expend little effort or resources in building malware and gaining the information they are seeking in a low-fi way — by merely asking victims for it, Barnhart notes.

**High Volume Cyberattacks, Shifting Targets**

APT43 has shifted its targets, and the malware it uses, in campaigns over the years in response to the demands of the North Korean government and the cyberespionage activities it requires of the group, according to Mandiant.

"APT43 ultimately modifies its targeting and tactics, techniques, and procedures (TTPs) to suit its sponsors, including carrying out financially-motivated cybercrime as needed to support the regime," the researchers said in the report.

For example, prior to October 2020, the group primarily targeted US and South Korean government offices, diplomatic organizations, and think tank-related entities with a stake in foreign policy and security issues affecting the Korean peninsula. Over the next year, however, the group shifted its focus to COVID-19 response efforts in North Korea by targeting health-related verticals and pharmaceutical companies in South Korea, the US, Europe, and Japan.

One notable difference that has emerged between the group and other North Korean threat actors is a recent shift to expand, targeting "everyday users" based on "the sheer velocity and volume of attacks," says Joe Dobson, Mandiant principal analyst.

"By spreading their attack out across hundreds, if not thousands, of victims, their activity becomes less noticeable and harder to track than hitting one large target," he says. "Their pace of execution, combined with their success rate, is alarming."

APT43 is aiming its high-volume activity at entities and organizations in government, business services, and manufacturing as well as think tanks and organizations in education and research related to geopolitical and nuclear policy in the US, South Korea, and Japan, the researchers said.

Given its advanced social-engineering tactics and tendency to go after both specific individuals and wider-net targets, researchers advised organizations that may be at risk to share with their employees "a greater understanding of cyber hygiene and heightened awareness," Barnhart says. "It's important to make personnel aware of this threat actor's TTPs," Barnhart says.

He adds that the APT's spoofed emails are highly convincing, which makes them difficult to spot, even for savvy users; thus, organizations at risk should be on high alert.

North Korea's Kimsuky Evolves into Full-Fledged, Prolific APT43

The new tool aims to deliver the network insights and coordination that “AI” security systems have long promised.

For years now, “artificial intelligence” has been a hot buzzword in the cybersecurity industry, promising tools that spot suspicious behavior on a network, quickly figure out what's going on, and guide incident response if there's an intrusion. The most credible and useful of services, though, have actually been machine learning algorithms trained to spot characteristics of malware and other dubious network activity. Now, as generative AI tools proliferate, Microsoft says it has finally built a service for defenders that's worthy of all the hype.

Two weeks ago, the company launched Microsoft 365 Copilot, which builds on a partnership with OpenAI along with Microsoft's own work on large language models. The company is now rolling out Security Copilot, a sort of security field notebook that integrates system data and network monitoring from security tools like Microsoft Sentinel and Defender and even third-party services. 

Security Copilot can surface alerts, map out in both words and charts what may be going on within a network, and provide steps for a potential investigation. As a human user works with Copilot to map out a possible security incident, the platform tracks history and generates summaries, so if colleagues get added to the project, they can quickly come up to speed and see what's been done so far. The system will also automatically produce slides and other presentation tools about an investigation to help security teams communicate the facts of a situation to people outside their department, and particularly executives who may not have security experience but need to stay informed.   

“Over the past few years, what we’ve seen is this absolute escalation in the frequency of attacks, in the sophistication of attacks, as well as in the intensity of attacks,” says Vasu Jakkal, Microsoft’s chief vice president of security. “And there is not a lot of time for a defender to contain the escalation of an attack. The balance is right now shifted in the direction of attackers.” 

Courtesy of Microsoft

Jakkal says that while machine learning security tools have been effective in specific domains, like monitoring email or activity on individual devices—known as endpoint security—Security Copilot brings all of those separate streams together and extrapolates a bigger picture. “With Security Copilot you can catch what others may have missed because it forms that connective tissue,” she says.

Security Copilot is largely powered by OpenAI's ChatGPT-4, but Microsoft emphasizes that it also integrates a proprietary Microsoft security-specific model. The system tracks everything that's done during an investigation. The resulting record can be audited, and the materials it produces for distribution can all be edited for accuracy and clarity. If something Copilot is suggesting during an investigation is wrong or irrelevant, users can click the “Off Target” button to further train the system.

The platform offers access controls so certain colleagues can be shared on particular projects and not others, which is especially important for investigating possible insider threats. And Security Copilot allows for a sort of backstop for 24/7 monitoring. That way, even if someone with a specific skillset isn't working on a given shift or a given day, the system can offer basic analysis and suggestions to help plug gaps. For example, if a team wants to quickly analyze a script or software binary that may be malicious, Security Copilot can start that work and contextualize how the software has been behaving and what its goals may be.

Microsoft emphasizes that customer data is not shared with others and is “not used to train or enrich foundation AI models.” Microsoft does pride itself, though, on using “65 trillion daily signals” from its massive customer base around the world to inform its threat detection and defense products. But Jakkal and her colleague, Chang Kawaguchi, Microsoft's vice president and AI security architect, emphasize that Security Copilot is subject to the same data-sharing restrictions and regulations as any of the security products it integrates with. So if you already use Microsoft Sentinel or Defender, Security Copilot must comply with the privacy policies of those services.

Kawaguchi says that Security Copilot has been built to be as flexible and open-ended as possible, and that customer reactions will inform future feature additions and improvements. The system's usefulness will ultimately come down to how insightful and accurate it can be about each customer’s network and the threats they face. But Kawaguchi says that the most important thing is for defenders to start benefiting from generative AI as quickly as possible.

As he puts it: “We need to equip defenders with AI given that attackers are going to use it regardless of what we do.”

Microsoft's ‘Security Copilot’ Sics ChatGPT on Security Breaches

Apple Security Advisory 2023-03-27-9 - Studio Display Firmware Update 16.4 addresses a code execution vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-03-27-9 Studio Display Firmware Update 16.4Studio Display Firmware Update 16.4 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213672.DisplayAvailable for: macOS Ventura 13.3 and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A memory corruption issue was addressed with improvedstate management.CVE-2023-27965: Proteas of Pangu LabFor more information about Studio Display Firmware updates,please visit https://support.apple.com/HT213110.All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiIZwACgkQ4RjMIDkeNxm/gg//WKOK5VTFA9xuq5Mg5TsMin22eCVxfJgh7Lafn/bOpi1zq5BI+j9t8itbKkTu5V/iiiZG2jV6Sr2e3CC8WSilgjexoREoMpRkED74DgGr4HoWYA9EVxrdCMoT2OF3ehSUKKWAOAKxB54C5STGXEDHoI6sx7wuMdDCJUnqDMOoVWlJnKaV6/AtAm8Ji731JzRLlaRdGSoMltfwfK+f8co1PWwZ2wK+ktNfJQYaQAc0dmED1/y28EOcxk3c//qxiE/fkBr4BH5LOjf5VQ2B2rOoLWjiQTILbJwfYZLhBnCK6pUJgFk3490mbq4J6sNoiAhzI6A4F8hFmfdOhYPzTWNqKuK5al/SoxyDrNqImrjZkrgCY/0aUPpm5BZyZge6KrS5Gkgezcwt5bI8BMuGSekZGmm32zO0lWOnVYpO8oWOkLTN5zcToMi+eorth11UQGQtO0u+lSCxwmx6IAuStxGlMka7Jo+tTymMp4x85xkZ/y5d67TJVg41/tOdsp66adZTY0vDzeVsXjFxKnLqc7QSdmWa7t5OkQyhBAj7SvJPNaHq5AT+O5GBYzgcAklpeBbinVwepmGLBslXhgrRp6cPu1w7GsCZVR7mmFzwBASfWn9OtjXPeEiOONAdIx3/e6ZqU/n/K5JwmcA4r3RgzkZELzApKKhphicB/u+vlaVnmg4==M4UX-----END PGP SIGNATURE-----

Apple Security Advisory 2023-03-27-9

rukovoditel version 3.2.1 suffers from a cross site scripting vulnerability.

    ## Title: rukovoditel 3.2.1 - Cross-Site Scripting (XSS)## Author: nu11secur1ty## Date: 11.03.2022## Vendor: https://www.rukovoditel.net/## Software: https://sourceforge.net/projects/rukovoditel/files/rukovoditel_3.2.1.zip/download## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rukovoditel.net/2022/rukovoditel-3.2.1## Description:The application is vulnerable to DOM-based cross-site scriptingattacks. Data is read from `location.hash` and passed to`jQuery.parseHTML`.The attacker can use this vulnerability to create an unlimited numberof accounts on this system until it crashed.## STATUS: HIGH Vulnerability - CRITICAL[+] Payload:```POSTGET /rukovoditel/index.php?module=users/restore_password HTTP/1.1Host: pwnedhost.comAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.63Safari/537.36Connection: closeCache-Control: max-age=0Cookie: sid=jf2mf72r2kfakhhnn6evgusrcg;cookie_test=please_accept_for_session;app_login_redirect_to=module%3Ddashboard%2FUpgrade-Insecure-Requests: 1Referer: http://pwnedhost.com/rukovoditel/index.php?module=users/loginSec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rukovoditel.net/2022/rukovoditel-3.2.1)## Proof and Exploit:[href](https://streamable.com/i1qmfk)## Time spent`3:45`

Tag

#mac